From e99f33470887e7bc1f6ca3d02ad7f6882142baae Mon Sep 17 00:00:00 2001 From: spyroukon Date: Thu, 10 Nov 2022 17:34:23 +0000 Subject: [PATCH] 1. removed registeredBy from add/update interface controllers 2. changed authorization expression for interface validation --- .../controllers/RepositoryController.java | 6 ++--- .../manager/service/RepositoryService.java | 3 +-- .../service/RepositoryServiceImpl.java | 25 +++++++++++-------- .../manager/service/ValidatorServiceImpl.java | 3 +-- 4 files changed, 19 insertions(+), 18 deletions(-) diff --git a/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java b/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java index e711390..473109a 100644 --- a/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java +++ b/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java @@ -205,10 +205,9 @@ public class RepositoryController { @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id)") public RepositoryInterface addRepositoryInterface(@RequestParam("datatype") String datatype, @RequestParam("repoId") String id, - @RequestParam("registeredBy") String registeredBy, @RequestParam(value = "comment", required = false) String comment, @RequestBody RepositoryInterface repositoryInterface) throws Exception { - return repositoryService.addRepositoryInterface(datatype, id, registeredBy, comment, repositoryInterface); + return repositoryService.addRepositoryInterface(datatype, id, comment, repositoryInterface); } @RequestMapping(value = "/updateRepositoryInterface", method = RequestMethod.POST, 
@@ -216,10 +215,9 @@ public class RepositoryController { @ResponseBody @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id)") public RepositoryInterface updateRepositoryInterface(@RequestParam("repoId") String id, - @RequestParam("registeredBy") String registeredBy, @RequestParam(value = "comment", required = false) String comment, @RequestBody RepositoryInterface repositoryInterface) throws Exception { - return repositoryService.updateRepositoryInterface(id, registeredBy, comment, repositoryInterface); + return repositoryService.updateRepositoryInterface(id, comment, repositoryInterface); } @RequestMapping(value = "/getUrlsOfUserRepos/{page}/{size}/", method = RequestMethod.GET, diff --git a/src/main/java/eu/dnetlib/repo/manager/service/RepositoryService.java b/src/main/java/eu/dnetlib/repo/manager/service/RepositoryService.java index 1411092..3febfbd 100644 --- a/src/main/java/eu/dnetlib/repo/manager/service/RepositoryService.java +++ b/src/main/java/eu/dnetlib/repo/manager/service/RepositoryService.java @@ -68,7 +68,6 @@ public interface RepositoryService { RepositoryInterface addRepositoryInterface(String datatype, String repoId, - String registeredBy, String comment, RepositoryInterface repositoryInterface) throws Exception; List getDnetCountries(); @@ -93,6 +92,6 @@ public interface RepositoryService { Map getListLatestUpdate(String mode) throws JSONException; - RepositoryInterface updateRepositoryInterface(String repoId, String registeredBy, String comment, RepositoryInterface repositoryInterface) throws Exception; + RepositoryInterface updateRepositoryInterface(String repoId, String comment, RepositoryInterface repositoryInterface) throws Exception; } diff --git a/src/main/java/eu/dnetlib/repo/manager/service/RepositoryServiceImpl.java b/src/main/java/eu/dnetlib/repo/manager/service/RepositoryServiceImpl.java index 51dbc3e..e39b508 100644 
--- a/src/main/java/eu/dnetlib/repo/manager/service/RepositoryServiceImpl.java +++ b/src/main/java/eu/dnetlib/repo/manager/service/RepositoryServiceImpl.java @@ -11,6 +11,7 @@ import eu.dnetlib.domain.enabling.Vocabulary; import eu.dnetlib.domain.functionality.validator.JobForValidation; import eu.dnetlib.repo.manager.domain.*; import eu.dnetlib.repo.manager.domain.dto.Role; +import eu.dnetlib.repo.manager.domain.dto.User; import eu.dnetlib.repo.manager.exception.BrokerException; import eu.dnetlib.repo.manager.exception.RepositoryServiceException; import eu.dnetlib.repo.manager.exception.ResourceNotFoundException; @@ -653,8 +654,8 @@ public class RepositoryServiceImpl implements RepositoryService { @Override public RepositoryInterface addRepositoryInterface(String datatype, String repoId, - String registeredBy, String comment, RepositoryInterface repositoryInterface) throws Exception { + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); Repository e = this.getRepositoryById(repoId); repositoryInterface = createRepositoryInterface(e, repositoryInterface, datatype); // String json_interface = converter.toJson(e, repositoryInterface); 
@@ -669,22 +670,22 @@ public class RepositoryServiceImpl implements RepositoryService { restTemplate.postForObject(uriComponents.toUri(), httpEntity, String.class); try { - emailUtils.sendAdminRegisterInterfaceEmail(e, comment, repositoryInterface, SecurityContextHolder.getContext().getAuthentication()); - emailUtils.sendUserRegisterInterfaceEmail(e, comment, repositoryInterface, SecurityContextHolder.getContext().getAuthentication()); + emailUtils.sendAdminRegisterInterfaceEmail(e, comment, repositoryInterface, authentication); + emailUtils.sendUserRegisterInterfaceEmail(e, comment, repositoryInterface, authentication); } catch (Exception ex) { LOGGER.error("Error sending emails: " + ex); } - submitInterfaceValidation(e, registeredBy, repositoryInterface, false); + submitInterfaceValidation(e, getAuthenticatedUser().getEmail(), repositoryInterface, false); return repositoryInterface; } @Override public RepositoryInterface updateRepositoryInterface(String repoId, - String registeredBy, - String comment, RepositoryInterface repositoryInterface) throws Exception { - + String comment, + RepositoryInterface repositoryInterface) throws Exception { + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); this.updateBaseUrl(repoId, repositoryInterface.getId(), repositoryInterface.getBaseurl()); this.updateCompliance(repoId, repositoryInterface.getId(), repositoryInterface.getCompatibility()); this.updateValidationSet(repoId, repositoryInterface.getId(), repositoryInterface.getAccessSet()); 
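Review bot: In `addRepositoryInterface` the caller's e-mail is resolved only at the last step, `submitInterfaceValidation(e, getAuthenticatedUser().getEmail(), repositoryInterface, false);`, after `restTemplate.postForObject(...)` has already run and the notification e-mails have been attempted. If the principal cannot be resolved at that point, the request fails with the interface already posted and no validation job submitted. Resolving it once at the top of the method, next to the `authentication` local this commit adds, for example `final String userEmail = getAuthenticatedUser().getEmail();`, moves that failure ahead of any side effect. The `updateRepositoryInterface` call in the later hunk that introduces `getAuthenticatedUser()` has the same ordering. Both method bodies extend beyond this hunk.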
@@ -692,8 +693,8 @@ public class RepositoryServiceImpl implements RepositoryService { Repository repository = this.getRepositoryById(repoId); try { try { - emailUtils.sendAdminUpdateInterfaceEmail(repository, comment, repositoryInterface, SecurityContextHolder.getContext().getAuthentication()); - emailUtils.sendUserUpdateInterfaceEmail(repository, comment, repositoryInterface, SecurityContextHolder.getContext().getAuthentication()); + emailUtils.sendAdminUpdateInterfaceEmail(repository, comment, repositoryInterface, authentication); + emailUtils.sendUserUpdateInterfaceEmail(repository, comment, repositoryInterface, authentication); } catch (Exception e) { LOGGER.error("Error sending emails: " + e); } @@ -701,11 +702,15 @@ public class RepositoryServiceImpl implements RepositoryService { LOGGER.warn("Could not send emails", e); } - submitInterfaceValidation(getRepositoryById(repoId), registeredBy, repositoryInterface, true); + submitInterfaceValidation(getRepositoryById(repoId), getAuthenticatedUser().getEmail(), repositoryInterface, true); return repositoryInterface; } + private User getAuthenticatedUser() { + return User.from(((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo()); + } + private void submitInterfaceValidation(Repository repo, String userEmail, RepositoryInterface iFace, boolean updateExisting) throws ValidatorServiceException { JobForValidation job = new JobForValidation(); diff --git a/src/main/java/eu/dnetlib/repo/manager/service/ValidatorServiceImpl.java b/src/main/java/eu/dnetlib/repo/manager/service/ValidatorServiceImpl.java index 4d33b33..00d91af 100644 --- a/src/main/java/eu/dnetlib/repo/manager/service/ValidatorServiceImpl.java +++ b/src/main/java/eu/dnetlib/repo/manager/service/ValidatorServiceImpl.java 
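Review bot: `getAuthenticatedUser()` casts the current `Authentication` to `OIDCAuthenticationToken` without checking it, so a missing, anonymous or differently typed authentication surfaces as a `NullPointerException` or `ClassCastException` rather than as an authorization failure. It also reads `SecurityContextHolder` again although both callers already hold the same value in their `authentication` local. The sketch below keeps the signature and fails with Spring Security's `AccessDeniedException` when no OIDC token is present. Whether `getUserInfo()` can return null and how `User.from` handles that is not visible in this patch.

```java
private User getAuthenticatedUser() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (!(authentication instanceof OIDCAuthenticationToken)) {
        // fail as an authorization error instead of a ClassCastException / NullPointerException
        throw new AccessDeniedException("No OIDC-authenticated user in the security context");
    }
    return User.from(((OIDCAuthenticationToken) authentication).getUserInfo());
}
```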
@@ -127,7 +127,7 @@ public class ValidatorServiceImpl implements ValidatorService { } @Override - @PreAuthorize("hasAuthority('REGISTERED_USER') and #jobForValidation.userEmail == authentication.userInfo.email") + @PreAuthorize("hasAuthority('REGISTERED_USER') and @authorizationService.isMemberOf(#jobForValidation.datasourceId)") public JobForValidation submitJobForValidation(JobForValidation jobForValidation) throws ValidatorServiceException { LOGGER.debug("Submit job for validation with id : " + jobForValidation.getDatasourceId()); try { @@ -158,7 +158,6 @@ public class ValidatorServiceImpl implements ValidatorService { } @Override - @PreAuthorize("hasAuthority('REGISTERED_USER') and #email == authentication.userInfo.email") public ResponseEntity reSubmitJobForValidation(String email, String jobId) throws JSONException, ValidatorServiceException { LOGGER.debug("Resubmit validation job with id : " + jobId);
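Review bot: The new expression on `submitJobForValidation` checks repository membership but no longer ties `jobForValidation.userEmail` to the caller, so a member can submit a job carrying any e-mail address. Keeping both conditions, `hasAuthority('REGISTERED_USER') and @authorizationService.isMemberOf(#jobForValidation.datasourceId) and #jobForValidation.userEmail == authentication.userInfo.email`, or overwriting `userEmail` from the authenticated principal inside the method, would preserve that binding. The following hunk removes `@PreAuthorize` from `reSubmitJobForValidation(String email, String jobId)` without a replacement, which leaves `email` unchecked and the method without a service-level authority check unless the calling controller enforces one (not visible in this patch). If `submitInterfaceValidation` reaches this method through the Spring proxy, an administrator admitted by the controller's `hasAuthority('SUPER_ADMINISTRATOR')` branch who is not a member of the repository would presumably be rejected here after the interface has already been saved. Both method bodies continue outside the hunks.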